DevBank and Your Explorer Key
DevBank is an API environment running the full stack of Apiture APIs for the Apiture Developer Portal (Dev Portal).
This sandbox environment exists only for testing purposes—for trying out and learning the Apiture APIs from the Dev Portal or from your own development environment, tools, and test applications. The Get Started page and the Try It feature in the API Reference execute API calls against the DevBank environment.
DevBank is not connected to any real money movement. While you can create accounts via the Account Applications and Accounts APIs, you cannot transfer money into or out of the accounts: they are not real accounts. In addition, no scheduled transfers are processed, and any transaction history is mock data.
The Apiture APIs are deployed in DevBank at
Authentication and Authorization
When you log on to developer.apiture.com, the Dev Portal coordinates authentication with DevBank, which uses the Dev Portal as the identity server.
The authentication bearer token granted when you log onto the Dev Portal may be used for API calls on DevBank. (See Secure Access for more information about calling Apiture APIs in a secure manner.)
The Apiture APIs will create resources owned by your Dev Portal identity, and the APIs will return only the data associated with your Dev Portal identity. All resources in the APIs are guarded by end-user entitlements. For example, each user can see their accounts, but not other peoples’ accounts. (However, co-owners and authorized signers can see their associated accounts.)
Your DevBank Explorer API Key and Access Token
Your My Account page also shows your Explorer Key (once approved)
which you can use as an API Key for API calls.
The key and token are both presented as masked data in the Try It blocks.
Click the “eye-con” in your My Account page to reveal your Explorer Key and your access token.
Copy these values for use outside the Dev Portal,
such as in
or in Postman or other API testing tools.
Your Explorer Key is associated with the client application,
The Dev Portal automatically inserts your Explorer Key and your access token
in the Try It blocks in the API reference or tutorials
API-Key request header
Authorization: Bearer <access-token> request header,
For example, if you reveal your explorer key and access tokens
and they have the values
you can use them in an API call via
# Use bash `read' so your key and token are not saved in shell history: $ read KEY 4508485571702fea0e8b $ read TOKEN ef0ea4086f04d14d3984c4aefaf7e0aa5c $ curl "-HAPI-Key:$KEY" \ "-HAuthorization: Bearer $TOKEN" \ https://api.devbank.apiture.com/accounts/accounts
Your Explorer access token expires every 45 minutes, but the Dev Portal automatically refreshes it if you remain active. If you try an API call with your Explorer Key and token and get a 401 Unauthorized or 403 Forbidden HTTP response code, your may have used an expired access token. Return to your My Account page and copy the most recent access token.
You should treat both the Explorer API key and your access token as secret data. Do not share your key or token with others, embed them in source code, etc.
Generating Sample Data
The Dev Portal My Account page also has a button to allow you to
generate sample data to create a new savings account owned by your Dev
Portal identity, but created with mock data. The data generation may
take a few minutes. After generating data, you should see some data
getAccounts operation in the Accounts API, the
operation in the Contacts API, and more.
If you visit the developer portal without authenticating, the Dev Portal will use a Discoverer API Key and a private access token. These allow visitors to try the APIs without registering or logging in, but have limited permissions. Both of these expire on a regular basis and are presented as masked data in the Try It blocks.